Laravel
VvArtem, 2018-12-19 19:37:41

How to solve session issue when enabling EncryptCookie in Laravel 5.7?

I ran into a problem: after moving the project to the server, a new session is created with each request. Sessions are stored in files, and each request creates a new file with content.
We found the following dependency: sessions start working correctly if EncryptCookies is removed from the web route group. Therefore, I wonder what exactly the problem is and how it affects the sessions themselves.

// app/Http/Kernel.php

protected $middlewareGroups = [
    'web' => [
        \Illuminate\Cookie\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ]
];


2 answer(s)
VvArtem, 2018-12-24
@VvArtem

In general, the problem turned out to be in the PHP config: the mbstring.func_overload 2 parameter was enabled. And there the random_bytes method did not work correctly along the chain, i.e. it gave out a string whose length strlen did not consider correctly. As a result, the cookie validity check method returned false.
Since PHP 7, Composer will throw an error that this option should be turned off, so I doubt that anyone else will run into this problem.
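
A check for the condition described in this answer, as an added example that is not part of the original post: it reports whether `mbstring.func_overload` has bit 2 set and whether `strlen()` disagrees with the real byte count of `random_bytes()` output. The function names and the 16-byte sample length (the AES-CBC IV size) are assumptions chosen for illustration.

```php
<?php
// Added diagnostic (not code from the thread). Function names are hypothetical.

/** Byte length that does not depend on mbstring.func_overload. */
function byte_length(string $s): int
{
    // With the '8bit' encoding mb_strlen() counts raw bytes.
    return function_exists('mb_strlen') ? mb_strlen($s, '8bit') : strlen($s);
}

/** Returns a list of findings; an empty list means strlen() counts bytes. */
function check_strlen_overload(int $length = 16, int $rounds = 200): array
{
    $findings = [];

    // ini_get() returns false on PHP 8+, where the directive no longer exists.
    $overload = (int) ini_get('mbstring.func_overload');
    if ($overload & 2) {
        $findings[] = "mbstring.func_overload=$overload: string functions are overloaded";
    }

    // Random bytes are rarely valid multibyte text, so a character-counting
    // strlen() disagrees with the true byte count on some of the samples.
    $mismatches = 0;
    for ($i = 0; $i < $rounds; $i++) {
        $bytes = random_bytes($length);
        if (strlen($bytes) !== byte_length($bytes)) {
            $mismatches++;
        }
    }
    if ($mismatches > 0) {
        $findings[] = "strlen() miscounted $mismatches of $rounds random $length-byte strings";
    }

    return $findings;
}

$findings = check_strlen_overload();
foreach ($findings as $finding) {
    echo "[!] $finding", PHP_EOL;
}
if (!$findings) {
    echo "[ok] strlen() counts bytes; overloading is not active", PHP_EOL;
}
exit($findings ? 1 : 0);
```

Run it under the same SAPI that serves the application (through the web server rather than only the CLI), since each can load a different php.ini.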

German Malinovsky, 2018-12-20
@fl4r3

You can simply leave EncryptCookies on and add the name of the cookie to the $except array inside this class so that it is not encrypted. The session ID is stored in a cookie that has a lifetime and is encrypted to prevent the cookie from being intercepted over the network or from the user's device. The session will "disappear" with each request only if there is no file with the session on the server (for example, when balancing requests between different PHP servers in the pool) or the cookie with the identifier is not sent by the browser. I think the problem is most likely something else.
